Permit/deny lists and behavior

perl-list perl-list at network1.net
Wed Nov 16 16:23:51 UTC 2022


The absence of any allow or deny keywords just means that the DHCP server does not consider if a client is known or unknown for that subnet.

If you add allow known-clients or allow unknown-clients then the inverse becomes true (deny known-clients and deny unknown-clients respectively).

You cannot have both an allow and a deny in the same subnet.  It won't be considered a syntax error but it also won't do what you expect.

Known clients are defined by having a host {} entry.

Unknown clients mean they have no host {} entry.

You can also allow/deny members of a class {}.  For these you might see multiple allow lines like:

allow members of "class1";
allow members of "class2";

----- Original Message -----
> From: "Marki" <dhcp-users at lists.roth.lu>
> To: "Users of ISC DHCP" <dhcp-users at lists.isc.org>
> Sent: Wednesday, November 16, 2022 9:15:28 AM
> Subject: Permit/deny lists and behavior

> Hello,

> Maybe someone can enlighten me:

> The default seems to be that
> * dynamic address assignment to unknown clients is allowed ("allow
> unknown-clients" is implicit) and
> * at the same time static allocations are allowed as well ("allow
> known-clients" is implicit).

> This is kind of a contradiction to "If a pool has a permit list, then
> only those clients that match specific entries on the permit list will
> be eligible to be assigned addresses from the pool."

> Or does that mean if I explicitly write "allow known-clients", then
> unknown clients will be rejected? Is "unknown-clients" a "list" in that
> regard?

> Best regards,
> Marki
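
The pool-level permit lists discussed in this thread, laid out as an added dhcpd.conf example that is not part of either message. The subnet, ranges, MAC address, host name and class match expression are constructed for illustration.

```conf
# Constructed example: every address, name and MAC below is illustrative.

# A host {} entry is what makes a client "known". No fixed-address is
# given, so this client still receives a dynamic address from a pool.
host printer1 {
  hardware ethernet 00:00:5e:00:53:01;
}

# Class membership is decided by the match expression.
class "class1" {
  match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
}

subnet 192.0.2.0 netmask 255.255.255.0 {
  option routers 192.0.2.1;

  # Permit list present: only clients with a host {} entry are eligible.
  pool {
    allow known-clients;
    range 192.0.2.10 192.0.2.49;
  }

  # Permit list present: only clients without a host {} entry are eligible.
  # Short leases and a separate range make these easy to filter downstream.
  pool {
    allow unknown-clients;
    default-lease-time 300;
    max-lease-time 300;
    range 192.0.2.100 192.0.2.149;
  }

  # Permit list by class: only members of "class1" are eligible. A client
  # that is in the class and also matches another pool's permit list is
  # eligible for both pools.
  pool {
    allow members of "class1";
    range 192.0.2.200 192.0.2.219;
  }
}
```

Running `dhcpd -t -cf <file>` checks that the file parses; it does not show which pool a given client will be served from, so confirm that from the server's lease log.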
